GlowPlus? Risks and questions

What is the future of Glow now that the ICT Excellence Group report is in and the recommendations have been made? How can the agile development of the future GlowPlus be taken forward in a manner that fits with public sector procurement, the need to ensure continuity of service and the need to manage risk effectively in the services we deliver?

Is procurement the problem?

As we have seen with the initial Glow procurement in the mid-2000s’, the halted Glow Futures procurement exercise and the current extension of the Glow contract with RM; it would be true to say that large scale procurement exercises do not appear to deliver innovative, agile public services.

We have to acknowledge, with close to 70 million pounds spent (since 2005) but a weekly returning number of ~52,000 users (and falling) from a total of 1,025,027 that Glow is not in a healthy state. Glow really needs some re-imagining, re-branding and some brave leadership to become the cutting edge, purposeful, useful and innovative service required for Scottish education in the 21st century. Many of the problems Glow has encountered are historic; Education Scotland has inherited a system which did not change with the times (other than the refresh of 2010); and is currently rolling out a platform presented by the only bidder. Office 365 should provide great email and productivity tools but is it the best product to support a device agnostic, anytime, anywhere platform for learning? Glow missed Web 2.0, missed social media and networking and missed the mobile revolution. It could have caught up if there had been money to innovate but sadly there was never enough to really make a difference and the costs involved in making changes while tied into a contract with a single supplier were staggering. We have some catching up to do.

To become the service to deliver a National Online Campus (as proposed by ADES) and the tool to deliver the key support for Curriculum for Excellence it needs rapid and customer focused development. It needs to be beautifully simple and utterly intuitive and it needs a new model of public sector service delivery.

A small agile group?

The model of implementation suggested by the ICT Excellence group is a small agile team responsible for the development of the platform. This team would develop the core services (authentication, portal and configuration services) and the integration with other tools and services in response to user need.

This group would manage the project, report to the ICT in Education programme board, and ensure service delivery. But what are the risks?

Service Delivery

Running a system for over one million users isn’t a trivial thing. You don’t knock it out on your own servers and hope it will work. It needs expertise, server infrastructure that can adapt to peak usage times and provide quick responses. Your users don’t have time to waste, your service needs to be almost always available – imagine the frustration of the teacher getting up early to create material for a class or the learner revising into the night only to find the service isn’t available! Not delivering on high availability will kill your user base.

To get a feeling of what we need look at this table of “nines”.

Availability %

Downtime per year

Downtime per month*

Downtime per week

90% (“one nine”)

36.5 days

72 hours

16.8 hours

95%

18.25 days

36 hours

8.4 hours

98%

7.30 days

14.4 hours

3.36 hours

99% (“two nines”)

3.65 days

7.20 hours

1.68 hours

99.5%

1.83 days

3.60 hours

50.4 minutes

99.8%

17.52 hours

86.23 minutes

20.16 minutes

99.9% (“three nines”)

8.76 hours

43.2 minutes

10.1 minutes

99.95%

4.38 hours

21.56 minutes

5.04 minutes

99.99% (“four nines”)

52.56 minutes

4.32 minutes

1.01 minutes

99.999% (“five nines”)

5.26 minutes

25.9 seconds

6.05 seconds

99.9999% (“six nines”)

31.5 seconds

2.59 seconds

0.605 seconds

* For monthly calculations, a 30-day month is used.

To deliver three or even two “nines” uptime, is a major effort. But that is where we should be aiming. If we want GlowPlus to be a credible service it needs to be available to the same level as Twitter, Facebook, Tumblr and so on.

Security

If you run any type of service or site on-line you will be attacked. It’s only a matter of time. Software robots, written by hackers, trawl the web trying to find flaws in sites’ security. When they find the holes, they get stuck in; stealing user data for spam lists or fraud, stealing the resources of your web servers to send spam or attack other computers etc. etc. The security of your service is not a trivial matter. How do you know that your code is secure? How do you test your system to ensure that it is secured against attack? GlowPlus will have user data, it will need to be protected. How will a small agile team ensure that this happens?

And the users need to be protected from each other. How will a small agile team deal with bullying, investigations, RIPSA etc.? How will users report inappropriate behaviour, will this small agile group have capacity to respond? What will be the process of directing this back to LAs, schools, head teachers etc? And again, how will this small agile group manage this?

Failure to support mobile devices

With a national £60 million investment in mobile technology, a failure to support that technology in our national service to schools would be a significant failure. With the world wide trend moving from desktop/laptop to tablet we have to respond with a service that is brilliant on mobile. Increasingly, our learners have better tech in their pockets than we do in the school. We need to embrace mobile. Nothing less than that is acceptable to our service users.

December 15th 2013

This is the first deadline – the switch off of all things RM. Between now and then a new authentication service needs to be created, user data needs to be migrated from the RM system to the new authentication. A new portal (the ICT Excellence Group called this the user configuration service) will be required which will allow users to configure and manage their services, interact with each other and view on-line activity. Tools will be required to manage users, set permissions, allow local authorities to manage accounts, change passwords, link to school management information systems etc.

Discussions about the role of local authorities, the services that are required, the position of Office 365 within GlowPlus (especially given it’s poor mobile support currently) and many more things need to be discussed and agreed upon as we go forward.

And don’t forget that we need to act quickly. Remember, last year we were forced into a 15 month extension with RM at a cost of £6.6 million (inc VAT) because of the tight timeline and the need to ensure continuity of service. Last time, the RM switch off was September 12 2012 and their contract was agreed and extended at the end of May (with an announcement in June) – the new authentication service must start deployment in September/October of this year so that a smooth transition is completed before the RM switch off in December – we have six months to build the core services. It can’t be left to a big bang change-over on December 15th!

Failure to meet expectations

Perhaps this is the biggest risk of all. The ICT Excellence group report has produced a clear vision of the future service. A vision clearly focused on the two main end users: the learner and the teacher but also with consideration of the needs of parents, local authorities and national bodies.

There is a major risk of over promising and under delivering as the original Glow did. We need to turn that around. A small agile team must under-promise and over-deliver. In a world where our learners and educators have already voted with their feet, we need to be very clear about meeting and exceeding user expectations to win them back.

Can we build it? Yes, we can!

So, I’ve described what I think are the risks. Add any you can think of in the comments. In my next post I’ll show how all of this can be achieved by an agile development team and how we can use the public sector procurement process and partnerships with providers and local authorities to ensure great service delivery.

Having been one of the original test leads (data exchange and provisioning) I know the difficulties. Although I have moved on I still have a vested interest in the Glow survival plan!

I agree with you re mobile, however, I disagree on the timescales, if you want the service up and running for the Dec13 switch off you need to have the solution tested and in place before the summer break, aka by June 2013.

From then on you need to start the migration and training process as there will be considerable issues involved. You also need to have a seamless login in place so that to the end user they continue to login but to another system.

From what I have read from Jim Buchan and Jason Dixon et al I am not convinced there is more than a 20% chance of success. Mind you I am far removed from the dev now.

Yes, I think given the amount of time remaining that a further extension of the RM Unify Service and the Glow Authentication is likely until the end of the Microsoft Office 365 agreement at the end of December 2014. Because RM will only be delivering Unify (and the Glow Authentication) the costs should be significantly reduced. I costed Unify for every school in Scotland based on the most recent ScotXEd survey and the price was around £850,000 – significantly cheaper than the £5.5 million we are paying currently. And since authentication is part of Unify I would expect the price to be less than this with RM giving Scotland a bulk discount for the service for the next year ;o

So, perhaps the most realistic way forward, to allow an agile team time to build a service, is to extend Unify and use the time to manage change effectively. Personally, I think we could still make it but the timelines are tight.

I might be wrong, but I get the feeling its been planned that way. My comment on your latest post alludes to that. Things could have been very different. Perhaps the whole ICTEx exercise was to provide a veneer of respectability to an already done deal. After all, as Michael Russell said to us at the end of last year, we are now where we should have been eighteen months ago…

There is still a lot to come out about the behind the scenes happenings of the first six months of last year which would support this scenario…

Hi both, I would be interested in reading the report if that is possible.

Regarding cost saving from RM, I think you need to look where the costs are going, the 2 data centres in Edinburgh along with the maintenance staff (IT Only, not development) with overhead for office space etc will be of the order of 0.5million.